AMENDMENTS TO THE CLAIMS 

The following listing of claims will replace all prior versions and listings of claims 
in the application. 

1 - 22. (Cancelled) 

23. (Currently amended) The security system as recited in claim [[20]] 34. 
wherein the onboard security management system further operates to provide an alert 
message to the terrestrial-based system when an intrusion event is detected. 

24-25. (Cancelled) 

26. (Currently amended) The security system recited in claim [[20]] 34, 
wherein said status indicator indication provides a status of a current operational state 
of each one of a plurality of network user access points of the onboard network. 

27. (Currently amended) The security system recited in claim 26, wherein the 
indicator indication indicates one of: 

a normal operational state; 

a suspect operational state wherein an intrusion event is suspected; and 
a disconnect state in which access by a user of a specific access point on the 
onboard network is prevented. 
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28-33. (Cancelled) 



34. (Previously Presented) In a mobile platform, a security system for 
monitoring an onboard communication system communicating with a terrestrial-based 
system over an intermittent link, the security system comprising: 

an onboard network accessible to a plurality of users onboard the mobile 
platform; 

an intrusion detection system onboard the mobile platform for monitoring the 
onboard network for detecting if a potential intrusion event has occurred by one of the 
plurality of users onboard the mobile platform; and 

an onboard security management system responsive to the intrusion detection 
system for initiating an action to address the potential intrusion event, based on a set of 
security policies, the action able to be directed to at least a selected one of a plurality of 
user access points on the onboard network, and the onboard security management 
system receives updates to said security policies from the terrestrial-based system 
while said intermittent link is operational; 

wherein the action includes one of: 

notifying a particular user on the onboard network that a suspected 
intrusion event has occurred; or 

blocking access by the particular user to the onboard network; 

the security system further provides a status indication as to a status of the 
onboard network. 
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35. (Canceled) 



36. (Previously Presented) The security system recited in claim 34, wherein 
the onboard security management system notifies the terrestrial-based system that a 
potential intrusion event has occurred. 

37. (Previously Presented) The security system recited in claim 34, where the 
action taken by the onboard security management system further includes installing a 
network traffic blocking filter on said user access point on which a potential intrusion 
event has occurred. 

38. (Previously Presented) A method for monitoring an onboard network on a 
mobile platform, in which the onboard network is in intermittent communication with a 
terrestrial-based system, the method comprising: 

providing a plurality of network access points to users on the mobile platform; 

monitoring the onboard network to detect an intrusion event made by at least one 
of the users on the mobile platform; 

using a security management system onboard the mobile platform, and 
responsive to notification of an intrusion event, to initiate a security action to address the 
intrusion event, in accordance with a set of security policies, where the security action 
can be directed to one or more selected access points on the network; 
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indicating an operational status of the network, and updating the security policies 
while the onboard network is in communication with the terrestrial-based system over 
an intermittent link. 

39. (Canceled) 



Serial No. 09/992,310 



Page 5 of 6 



